Merge pull request #42 from iress/openid-secure-samesite
Set cookies as `secure` and `samesite: strict` in github and openid
SiCoe authored Sep 26, 2023
2 parents fee9836 + 360ada9 commit c84be23
Showing 2 changed files with 22 additions and 11 deletions.
25 changes: 16 additions & 9 deletions authn/github.index.js
Expand Up @@ -70,16 +70,23 @@ function mainProcess(event, context, callback) {
}],
"set-cookie" : [{
"key": "Set-Cookie",
"value" : cookie.serialize('TOKEN', jwt.sign(
{ },
config.PRIVATE_KEY.trim(),
"value" : cookie.serialize(
'TOKEN',
jwt.sign(
{ },
config.PRIVATE_KEY.trim(),
{
audience: headers.host[0].value,
subject: auth.getSubject(username),
expiresIn: config.SESSION_DURATION,
algorithm: 'RS256'
} // Options
),
{
audience: headers.host[0].value,
subject: auth.getSubject(username),
expiresIn: config.SESSION_DURATION,
algorithm: 'RS256'
} // Options
))
sameSite: 'strict',
secure: true
}
)
}],
},
};
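Review bot: The new options object for the session `TOKEN` cookie sets `sameSite` and `secure` but not `httpOnly`, so the signed JWT stays readable by page scripts; the `NONCE` cookie in authn/openid.index.js already sets `httpOnly: true`, and the same `httpOnly: true,` line belongs in this options object. `sameSite: 'strict'` on a cookie issued in the provider-callback response may also be withheld by browsers on the immediate post-login redirect, because that navigation chain started cross-site, which would re-trigger authentication on the first request after login; if that shows up in testing, `'lax'` still blocks cross-site POSTs while being sent on top-level navigations. No `path` is set either, so the cookie's scope defaults to the callback request's path, though that is unchanged by this commit. mainProcess starts and ends outside the hunk.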
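--- a/authn/openid.index.js
+++ b/authn/openid.index.js
@@ -181,7 +181,9 @@ function mainProcess(event, context, callback) {
 } // Options
 ), {
 path: '/',
-maxAge: config.SESSION_DURATION
+maxAge: config.SESSION_DURATION,
+sameSite: 'strict',
+secure: true
 })
 },
 {
@@ -309,7 +311,9 @@ function redirect(request, headers, callback) {
 "key": "Set-Cookie",
 "value" : cookie.serialize('NONCE', n[1], {
 path: '/',
-httpOnly: true
+httpOnly: true,
+sameSite: 'strict',
+secure: true
 })
 }
 ],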
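Review bot: `sameSite: 'strict'` on the `NONCE` cookie in redirect() will stop browsers sending it on the identity provider's redirect back to the callback, since that is a top-level cross-site navigation, so the nonce check on the callback would fail whenever the provider is not same-site with this distribution; for that cookie `sameSite: 'lax',` is the strictest value that still travels with the provider's GET redirect. The first hunk adds the same attributes to the session `TOKEN` cookie but leaves out `httpOnly: true,`, which the `NONCE` cookie already has, leaving the JWT readable by page scripts. The `'strict'` setting on the `TOKEN` cookie can likewise be dropped by the browser on the immediate post-login redirect, so the full sign-in round-trip against the provider should be verified before release. Both mainProcess and redirect() extend beyond their hunks.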

0 comments on commit c84be23

Please sign in to comment.